2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic

2021 Verizon Data Breach Investigations Report Proves That Cybercrime Continued to Thrive During the Pandemic

Hope Goslin By Hope Goslin
May 14, 2021

Verizon recently published its 2021 Data Breach Investigations Report (DBIR). This year, Verizon analyzed 79,635 incidents, of which 29,207 met their quality standards and 5,258 were confirmed data breaches, from 88 countries around the world.

Despite the global pandemic, the DBIR uncovered that cybercrime continued to thrive. Like previous years, the majority of breaches were financially motivated, and most were caused by external actors illegally accessing data.

Threat actors

Threat actor motives

Phishing, ransomware, and web app attacks … Oh my!

Phishing and ransomware attacks, along with the continued high number of web application attacks, dominated the data breaches for 2021. Phishing attacks were present in a whopping 36 percent of breaches in this year’s dataset, representing an 11 percent increase from last year.

Covid varieties

Ransomware attacks increased by 6 percent, accounting for 10 percent of breaches. This increase can likely be attributed to new tactics where ransomware now steals the data as it encrypts it. Ransomware has also proven to be very efficient for cybercriminals. It doesn’t take a lot of hands on keyboards and it’s a relatively easy way for cybercriminals to make a quick buck.

Web applications made up 39 percent of all data breaches. Most of the web applications attacked were cloud-based, which isn’t surprising giving the increased shift to digital during the pandemic. The majority of web application attacks were through stolen credentials or brute-force attacks. 95 percent of organizations that suffered a credentials management attack experienced between 637 to 3.3 billion malicious login attempts throughout the year.

Top hacking varieties

If you look at breaches by region, EMEA – comprised of Europe, the Middle East, and Africa – had the highest proportion of web application attacks. This is the second year in a row that web applications accounted for the majority (54 percent) of breaches in EMEA. Not surprisingly, the most commonly breached data type in EMEA was credentials – which goes hand-in-hand with web attacks. 

Patterns in EMEA breaches

In Asia, web application attacks fell second to social engineering attacks and in North America, web application attacks fell third – behind social engineering and system intrusion.

Web application threats were also prevalent across the 11 examined industries, especially in the information industry. The retail industry, which has notoriously been susceptible to web application attacks, has decreased its proportion of web application breaches.

What can organizations do to prevent web application attacks?

Applications are clearly an attack target, and they are vulnerable. Our recent State of Software Security report found that 76 percent of applications have some sort of security flaw. But our report also found that those who scan their code for security frequently and steadily fix half their security flaws about three weeks faster. Application security testing early and often works. And it also might soon be a requirement. The Biden administration’s recent executive order on cybersecurity includes requirements for software security testing, including static analysis and software composition analysis.

To learn more about application security best practices, check out our recent guide

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.